Update LDAP authority and role handling to use LdapClient #17035
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Replaced SpringSecurityLdapTemplate with LdapClient for improved LDAP search and entry handling. Refactored related methods and tests to handle `NamingException`, use `LdapName` for DNs, and support updated attribute handling with `Attributes`. Updated authority mapping logic to streamline nested group resolution and enhance test cases. Signed-off-by: Fernando Marino <f.marino@stariongroup.eu>
spring-projects-issues
added
the
status: waiting-for-triage
jzheaux
requested changes
May 6, 2025
There was a problem hiding this comment.
Thanks for the contribution, @fer-marino. It think there may be some misunderstanding that is causing this extra work for you. We cannot change public or protected constructors or methods as this will break applications when they upgrade. For this reason, the ticket indicates the following (emphasis mine)
Add an LdapAuthoritiesPopulator implementation that uses LdapClient
I hope this helps with some of your concerns about failing tests, etc., as well.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
refer #17028
Still a work in progress.
Replaced SpringSecurityLdapTemplate with LdapClient for improved LDAP search and entry handling. Refactored related methods and tests to handle
NamingException, useLdapNamefor DNs, and support updated attribute handling withAttributes. Updated authority mapping logic to streamline nested group resolution and enhance test cases.Integrarion tests for the NestedLdapAuthoritiesPopulator are failing. I can't find an efficient way to get the DN of the result set to build LdapAuthorities, so the resulting set is messed up.
Another major difference with the LdapTemplate is that every search result contains at least the key
spring.security.ldap.dnwhile the LdapClient does not. This breaks some other tests that maybe can be removed.Another note worth mentioning is that integration tests still uses
ApacheDSContainer, which is deprecated and should be replaced byUnboundIdContainerComments are very welcome! :)